Open
Description
Helm Chart Version
1.3.1
What step the error happened?
None
Relevant information
Our internal security scans have detected two critical vulnerabilities with airbyte-pod-sweeper. This has been active in versions 1.1.0, 1.2.0, 1.3.0, 1.3.1. I have been unable to upgrade further due to issues introduced by the helm releases completely breaking Airbyte's usability. The vulnerabilities were assessed by GCP SCC. I've emailed security @ airbyte but this is a fairly urgent issue that needs to be addressed if it isn't already fixed in 1.5.1. I will keep trying to upgrade my deployment to see if it resolves the issue.
Relevant log output
[CRITICAL] Vulnerability: gke_runtime_os_vulnerability
Project <project> container Cluster <cluster>
Deployment airbyte-pod-sweeper in ns airbyte
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
[CRITICAL] Vulnerability: gke_runtime_os_vulnerability
Project <project> container Cluster <cluster>
Deployment airbyte-pod-sweeper in ns airbyte
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).